Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

HTTP Tunnelling Support

8 posts in General Discussion (old) Last posting was on 2000-03-28 11:23:46.0Z
James Stansell Posted on 2000-03-27 18:35:37.0Z
Newsgroups: sybase.public.easerver
Date: Mon, 27 Mar 2000 12:35:37 -0600
From: James Stansell <stansell@wcg.net>
Organization: Williams Network <URL: http://www.williams.com/>
X-Mailer: Mozilla 4.7 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
Subject: HTTP Tunnelling Support
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 29
NNTP-Posting-Host: securit-v1.twc.com 151.142.252.11
Message-ID: <347_38DFA9F8.69906D15@wcg.net>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:25611
Article PK: 155678

My production systems are running Jaguar v2.0. The client is an applet
running in MSIE 4.01. It is downloaded from the web server, which runs
on a different host. The applet is signed in order to bypass the JVM
sandbox. We use HTTPS to the web server and IIOPS to the Jag server.

Most customers are having no problem, but some are seeing a case where
they can connect to the web server and download the page, but the applet
cannot connect to the Jag server.

The common thread appears to be that their only access to the internet
is through a web proxy server.

The Jaguar documentation says "When connecting, the Jaguar client-side
ORB first tries to open an IIOP connection to the specified address and
port. If the IIOP connection fails, the ORB tries an HTTP-tunnelled
connection to the same address and port."

It appears to me that the HTTP tunnelling is not using the browser's
proxy settings, but I don't have a good way to test it. Can anyone
confirm this?

A secondary question: does anyone know a good way to tell when HTTP
tunnelling is being used?

Thanks in advance,

-james.


Dave Wolf [Sybase] Posted on 2000-03-27 18:48:34.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: HTTP Tunnelling Support
Date: Mon, 27 Mar 2000 13:48:34 -0500
Lines: 51
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
NNTP-Posting-Host: nomad6-31.sybase.com 157.133.176.31
Message-ID: <347_gZl3y2Bm$GA.201@forums.sybase.com>
References: <347_38DFA9F8.69906D15@wcg.net>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:25609
Article PK: 155676

James,

I need a little more information to understand this. The customers where
the applications are failing are using HTTP proxies? Do they allow direct
IIOP traffic out? If they have a HTTP proxy and all trffice must go thorugh
that proxy, you will need to set another ORB property. The problem is you
will need to dynamically set it for these clients. The property is called
com.sybase.CORBA.ProxyHost and com.sybase.CORBA.ProxyPort. These settings
tell the client ORB to ignore the host returned in the IOR from the lookup
and to instead go the the given proxy.

Now you may also need to set other properties to do connect based tunneling.
I think we need to understand more about how the clients firewalls and
proxies are setup.

Dave Wolf
Internet Applications Division

"James Stansell" <stansell@wcg.net> wrote in message
news:38DFA9F8.69906D15@wcg.net...
> My production systems are running Jaguar v2.0. The client is an applet
> running in MSIE 4.01. It is downloaded from the web server, which runs
> on a different host. The applet is signed in order to bypass the JVM
> sandbox. We use HTTPS to the web server and IIOPS to the Jag server.
>
> Most customers are having no problem, but some are seeing a case where
> they can connect to the web server and download the page, but the applet
> cannot connect to the Jag server.
>
> The common thread appears to be that their only access to the internet
> is through a web proxy server.
>
> The Jaguar documentation says "When connecting, the Jaguar client-side
> ORB first tries to open an IIOP connection to the specified address and
> port. If the IIOP connection fails, the ORB tries an HTTP-tunnelled
> connection to the same address and port."
>
> It appears to me that the HTTP tunnelling is not using the browser's
> proxy settings, but I don't have a good way to test it. Can anyone
> confirm this?
>
> A secondary question: does anyone know a good way to tell when HTTP
> tunnelling is being used?
>
> Thanks in advance,
>
> -james.
>
>


Brad Gawne Posted on 2000-03-27 23:54:00.0Z
Newsgroups: sybase.public.easerver
Reply-To: "Brad Gawne" <bgawne@bralar.on.ca>
From: "Brad Gawne" <bgawne@bralar.on.ca>
Subject: Re: HTTP Tunnelling Support
Date: Mon, 27 Mar 2000 18:54:00 -0500
Lines: 78
Organization: Bralar Software Inc.
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
NNTP-Posting-Host: cr632342-a.lndn1.on.wave.home.com 24.112.55.126
Message-ID: <347_zBThYgEm$GA.290@forums.sybase.com>
References: <347_38DFA9F8.69906D15@wcg.net> <347_gZl3y2Bm$GA.201@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:25559
Article PK: 155632

Hi Dave,

On a similar note, although not exactly the same I have created a local PB
application which uses Jag components. On my internal network it works
great, however when I send it out to the internet I can connect to Jaguar
but a call to CreateInstance(...) returns 50.

I am using a Linux firewall and am port forwarding traffic from Port 9000
for UDP and TCP packets. Is there anything special that needs to be set up
through PB to make this work? I had thought it should be transparent.

I have a demo to do on Thursday to 1000 people at a convention with this
stuff so hopefully I can get it working or I'm going to have to do screen
captures or terminal server or something <g>.


Regards,
Brad

"Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
news:gZl3y2Bm$GA.201@forums.sybase.com...
> James,
>
> I need a little more information to understand this. The customers where
> the applications are failing are using HTTP proxies? Do they allow direct
> IIOP traffic out? If they have a HTTP proxy and all trffice must go
thorugh
> that proxy, you will need to set another ORB property. The problem is you
> will need to dynamically set it for these clients. The property is called
> com.sybase.CORBA.ProxyHost and com.sybase.CORBA.ProxyPort. These settings
> tell the client ORB to ignore the host returned in the IOR from the lookup
> and to instead go the the given proxy.
>
> Now you may also need to set other properties to do connect based
tunneling.
> I think we need to understand more about how the clients firewalls and
> proxies are setup.
>
> Dave Wolf
> Internet Applications Division
>
> "James Stansell" <stansell@wcg.net> wrote in message
> news:38DFA9F8.69906D15@wcg.net...
> > My production systems are running Jaguar v2.0. The client is an applet
> > running in MSIE 4.01. It is downloaded from the web server, which runs
> > on a different host. The applet is signed in order to bypass the JVM
> > sandbox. We use HTTPS to the web server and IIOPS to the Jag server.
> >
> > Most customers are having no problem, but some are seeing a case where
> > they can connect to the web server and download the page, but the applet
> > cannot connect to the Jag server.
> >
> > The common thread appears to be that their only access to the internet
> > is through a web proxy server.
> >
> > The Jaguar documentation says "When connecting, the Jaguar client-side
> > ORB first tries to open an IIOP connection to the specified address and
> > port. If the IIOP connection fails, the ORB tries an HTTP-tunnelled
> > connection to the same address and port."
> >
> > It appears to me that the HTTP tunnelling is not using the browser's
> > proxy settings, but I don't have a good way to test it. Can anyone
> > confirm this?
> >
> > A secondary question: does anyone know a good way to tell when HTTP
> > tunnelling is being used?
> >
> > Thanks in advance,
> >
> > -james.
> >
> >
>
>


Dave Wolf [Sybase] Posted on 2000-03-28 02:00:07.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: HTTP Tunnelling Support
Date: Mon, 27 Mar 2000 21:00:07 -0500
Lines: 101
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
NNTP-Posting-Host: nomad6-31.sybase.com 157.133.176.31
Message-ID: <347_YPdLBoFm$GA.290@forums.sybase.com>
References: <347_38DFA9F8.69906D15@wcg.net> <347_gZl3y2Bm$GA.201@forums.sybase.com> <347_zBThYgEm$GA.290@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:25538
Article PK: 155613

Brad,

Is your firewall doing any Network Address Translation (NTA)? In other
words, the IP forwarding. Do the client connect to a different IP/Hostname
than EAS is running on?

Dave Wolf
Internet Applications Division

"Brad Gawne" <bgawne@bralar.on.ca> wrote in message
news:zBThYgEm$GA.290@forums.sybase.com...
> Hi Dave,
>
> On a similar note, although not exactly the same I have created a local PB
> application which uses Jag components. On my internal network it works
> great, however when I send it out to the internet I can connect to Jaguar
> but a call to CreateInstance(...) returns 50.
>
> I am using a Linux firewall and am port forwarding traffic from Port 9000
> for UDP and TCP packets. Is there anything special that needs to be set up
> through PB to make this work? I had thought it should be transparent.
>
> I have a demo to do on Thursday to 1000 people at a convention with this
> stuff so hopefully I can get it working or I'm going to have to do screen
> captures or terminal server or something <g>.
>
>
> Regards,
> Brad
>
>
>
> "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> news:gZl3y2Bm$GA.201@forums.sybase.com...
> > James,
> >
> > I need a little more information to understand this. The customers
where
> > the applications are failing are using HTTP proxies? Do they allow
direct
> > IIOP traffic out? If they have a HTTP proxy and all trffice must go
> thorugh
> > that proxy, you will need to set another ORB property. The problem is
you
> > will need to dynamically set it for these clients. The property is
called
> > com.sybase.CORBA.ProxyHost and com.sybase.CORBA.ProxyPort. These
settings
> > tell the client ORB to ignore the host returned in the IOR from the
lookup
> > and to instead go the the given proxy.
> >
> > Now you may also need to set other properties to do connect based
> tunneling.
> > I think we need to understand more about how the clients firewalls and
> > proxies are setup.
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > "James Stansell" <stansell@wcg.net> wrote in message
> > news:38DFA9F8.69906D15@wcg.net...
> > > My production systems are running Jaguar v2.0. The client is an
applet
> > > running in MSIE 4.01. It is downloaded from the web server, which
runs
> > > on a different host. The applet is signed in order to bypass the JVM
> > > sandbox. We use HTTPS to the web server and IIOPS to the Jag server.
> > >
> > > Most customers are having no problem, but some are seeing a case where
> > > they can connect to the web server and download the page, but the
applet
> > > cannot connect to the Jag server.
> > >
> > > The common thread appears to be that their only access to the internet
> > > is through a web proxy server.
> > >
> > > The Jaguar documentation says "When connecting, the Jaguar client-side
> > > ORB first tries to open an IIOP connection to the specified address
and
> > > port. If the IIOP connection fails, the ORB tries an HTTP-tunnelled
> > > connection to the same address and port."
> > >
> > > It appears to me that the HTTP tunnelling is not using the browser's
> > > proxy settings, but I don't have a good way to test it. Can anyone
> > > confirm this?
> > >
> > > A secondary question: does anyone know a good way to tell when HTTP
> > > tunnelling is being used?
> > >
> > > Thanks in advance,
> > >
> > > -james.
> > >
> > >
> >
> >
>
>


Brad Gawne Posted on 2000-03-28 02:31:43.0Z
Newsgroups: sybase.public.easerver
Reply-To: "Brad Gawne" <bgawne@bralar.on.ca>
From: "Brad Gawne" <bgawne@bralar.on.ca>
Subject: Re: HTTP Tunnelling Support
Date: Mon, 27 Mar 2000 21:31:43 -0500
Lines: 135
Organization: Bralar Software Inc.
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
NNTP-Posting-Host: cr632342-a.lndn1.on.wave.home.com 24.112.55.126
Message-ID: <347_i$1lg4Fm$GA.201@forums.sybase.com>
References: <347_38DFA9F8.69906D15@wcg.net> <347_gZl3y2Bm$GA.201@forums.sybase.com> <347_zBThYgEm$GA.290@forums.sybase.com> <347_YPdLBoFm$GA.290@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:25528
Article PK: 154315

Hi Dave,

It's standard Linux Masquerading, it's not using NAT specifically, although
I guess technically the MASQ inteface is translating addresses.

The IP call comes into the firewall, the firewall then says hey port 9000
should go to internal server X on the inside and the IP packet is doctored
up with the correct IP information and sent on into the internal network for
capture by Server X.

Usually the only time this scheme gives problems is if a service dynamically
allocates ports like MS Netmeeting or Real Audio does.



Regards,

Brad

"Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
news:YPdLBoFm$GA.290@forums.sybase.com...
> Brad,
>
> Is your firewall doing any Network Address Translation (NTA)? In other
> words, the IP forwarding. Do the client connect to a different
IP/Hostname
> than EAS is running on?
>
> Dave Wolf
> Internet Applications Division
>
> "Brad Gawne" <bgawne@bralar.on.ca> wrote in message
> news:zBThYgEm$GA.290@forums.sybase.com...
> > Hi Dave,
> >
> > On a similar note, although not exactly the same I have created a local
PB
> > application which uses Jag components. On my internal network it works
> > great, however when I send it out to the internet I can connect to
Jaguar
> > but a call to CreateInstance(...) returns 50.
> >
> > I am using a Linux firewall and am port forwarding traffic from Port
9000
> > for UDP and TCP packets. Is there anything special that needs to be set
up
> > through PB to make this work? I had thought it should be transparent.
> >
> > I have a demo to do on Thursday to 1000 people at a convention with this
> > stuff so hopefully I can get it working or I'm going to have to do
screen
> > captures or terminal server or something <g>.
> >
> >
> > Regards,
> > Brad
> >
> >
> >
> > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > news:gZl3y2Bm$GA.201@forums.sybase.com...
> > > James,
> > >
> > > I need a little more information to understand this. The customers
> where
> > > the applications are failing are using HTTP proxies? Do they allow
> direct
> > > IIOP traffic out? If they have a HTTP proxy and all trffice must go
> > thorugh
> > > that proxy, you will need to set another ORB property. The problem is
> you
> > > will need to dynamically set it for these clients. The property is
> called
> > > com.sybase.CORBA.ProxyHost and com.sybase.CORBA.ProxyPort. These
> settings
> > > tell the client ORB to ignore the host returned in the IOR from the
> lookup
> > > and to instead go the the given proxy.
> > >
> > > Now you may also need to set other properties to do connect based
> > tunneling.
> > > I think we need to understand more about how the clients firewalls and
> > > proxies are setup.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > "James Stansell" <stansell@wcg.net> wrote in message
> > > news:38DFA9F8.69906D15@wcg.net...
> > > > My production systems are running Jaguar v2.0. The client is an
> applet
> > > > running in MSIE 4.01. It is downloaded from the web server, which
> runs
> > > > on a different host. The applet is signed in order to bypass the
JVM
> > > > sandbox. We use HTTPS to the web server and IIOPS to the Jag
server.
> > > >
> > > > Most customers are having no problem, but some are seeing a case
where
> > > > they can connect to the web server and download the page, but the
> applet
> > > > cannot connect to the Jag server.
> > > >
> > > > The common thread appears to be that their only access to the
internet
> > > > is through a web proxy server.
> > > >
> > > > The Jaguar documentation says "When connecting, the Jaguar
client-side
> > > > ORB first tries to open an IIOP connection to the specified address
> and
> > > > port. If the IIOP connection fails, the ORB tries an HTTP-tunnelled
> > > > connection to the same address and port."
> > > >
> > > > It appears to me that the HTTP tunnelling is not using the browser's
> > > > proxy settings, but I don't have a good way to test it. Can anyone
> > > > confirm this?
> > > >
> > > > A secondary question: does anyone know a good way to tell when HTTP
> > > > tunnelling is being used?
> > > >
> > > > Thanks in advance,
> > > >
> > > > -james.
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Dave Wolf [Sybase] Posted on 2000-03-28 02:40:07.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: HTTP Tunnelling Support
Date: Mon, 27 Mar 2000 21:40:07 -0500
Lines: 181
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
NNTP-Posting-Host: nomad6-31.sybase.com 157.133.176.31
Message-ID: <347_jYSnV#Fm$GA.201@forums.sybase.com>
References: <347_38DFA9F8.69906D15@wcg.net> <347_gZl3y2Bm$GA.201@forums.sybase.com> <347_zBThYgEm$GA.290@forums.sybase.com> <347_YPdLBoFm$GA.290@forums.sybase.com> <347_i$1lg4Fm$GA.201@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:25527
Article PK: 154312

Ok here's the issue.

Lets say the IP name as the client sees it is "outside" but the IP name that
EAS is on is called "inside".

When the client does a connect to outside and a lookup it gets backa
factory object. That factory object has an IOR within it that contains the
server which has the object. That server (EAS) was listening to "inside"
and hence returns an IOR with the hostname as "inside". When the client
tried to connect to "inside" it fails as the firewall wont let it through.

So they fix is this. Set an ORB property

com.sybase.CORBA.ProxyHost

and set its value to

outside

This will tell the ORB to ignore the host in the IOR and to connect only to
the firewall host name. You can also set the ProxyPort if the port the
client connects to on the firewall differs from the port that EAS is
listening to.

Confused yet?

Dave Wolf
Internet Applications Division

"Brad Gawne" <bgawne@bralar.on.ca> wrote in message
news:i$1lg4Fm$GA.201@forums.sybase.com...
> Hi Dave,
>
> It's standard Linux Masquerading, it's not using NAT specifically,
although
> I guess technically the MASQ inteface is translating addresses.
>
> The IP call comes into the firewall, the firewall then says hey port 9000
> should go to internal server X on the inside and the IP packet is doctored
> up with the correct IP information and sent on into the internal network
for
> capture by Server X.
>
> Usually the only time this scheme gives problems is if a service
dynamically
> allocates ports like MS Netmeeting or Real Audio does.
>
>
>
> Regards,
>
> Brad
>
> "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> news:YPdLBoFm$GA.290@forums.sybase.com...
> > Brad,
> >
> > Is your firewall doing any Network Address Translation (NTA)? In other
> > words, the IP forwarding. Do the client connect to a different
> IP/Hostname
> > than EAS is running on?
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > "Brad Gawne" <bgawne@bralar.on.ca> wrote in message
> > news:zBThYgEm$GA.290@forums.sybase.com...
> > > Hi Dave,
> > >
> > > On a similar note, although not exactly the same I have created a
local
> PB
> > > application which uses Jag components. On my internal network it works
> > > great, however when I send it out to the internet I can connect to
> Jaguar
> > > but a call to CreateInstance(...) returns 50.
> > >
> > > I am using a Linux firewall and am port forwarding traffic from Port
> 9000
> > > for UDP and TCP packets. Is there anything special that needs to be
set
> up
> > > through PB to make this work? I had thought it should be transparent.
> > >
> > > I have a demo to do on Thursday to 1000 people at a convention with
this
> > > stuff so hopefully I can get it working or I'm going to have to do
> screen
> > > captures or terminal server or something <g>.
> > >
> > >
> > > Regards,
> > > Brad
> > >
> > >
> > >
> > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > news:gZl3y2Bm$GA.201@forums.sybase.com...
> > > > James,
> > > >
> > > > I need a little more information to understand this. The customers
> > where
> > > > the applications are failing are using HTTP proxies? Do they allow
> > direct
> > > > IIOP traffic out? If they have a HTTP proxy and all trffice must go
> > > thorugh
> > > > that proxy, you will need to set another ORB property. The problem
is
> > you
> > > > will need to dynamically set it for these clients. The property is
> > called
> > > > com.sybase.CORBA.ProxyHost and com.sybase.CORBA.ProxyPort. These
> > settings
> > > > tell the client ORB to ignore the host returned in the IOR from the
> > lookup
> > > > and to instead go the the given proxy.
> > > >
> > > > Now you may also need to set other properties to do connect based
> > > tunneling.
> > > > I think we need to understand more about how the clients firewalls
and
> > > > proxies are setup.
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > "James Stansell" <stansell@wcg.net> wrote in message
> > > > news:38DFA9F8.69906D15@wcg.net...
> > > > > My production systems are running Jaguar v2.0. The client is an
> > applet
> > > > > running in MSIE 4.01. It is downloaded from the web server, which
> > runs
> > > > > on a different host. The applet is signed in order to bypass the
> JVM
> > > > > sandbox. We use HTTPS to the web server and IIOPS to the Jag
> server.
> > > > >
> > > > > Most customers are having no problem, but some are seeing a case
> where
> > > > > they can connect to the web server and download the page, but the
> > applet
> > > > > cannot connect to the Jag server.
> > > > >
> > > > > The common thread appears to be that their only access to the
> internet
> > > > > is through a web proxy server.
> > > > >
> > > > > The Jaguar documentation says "When connecting, the Jaguar
> client-side
> > > > > ORB first tries to open an IIOP connection to the specified
address
> > and
> > > > > port. If the IIOP connection fails, the ORB tries an
HTTP-tunnelled
> > > > > connection to the same address and port."
> > > > >
> > > > > It appears to me that the HTTP tunnelling is not using the
browser's
> > > > > proxy settings, but I don't have a good way to test it. Can
anyone
> > > > > confirm this?
> > > > >
> > > > > A secondary question: does anyone know a good way to tell when
HTTP
> > > > > tunnelling is being used?
> > > > >
> > > > > Thanks in advance,
> > > > >
> > > > > -james.
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Brad Gawne Posted on 2000-03-28 02:55:49.0Z
Newsgroups: sybase.public.easerver
Reply-To: "Brad Gawne" <bgawne@bralar.on.ca>
From: "Brad Gawne" <bgawne@bralar.on.ca>
Subject: Re: HTTP Tunnelling Support
Date: Mon, 27 Mar 2000 21:55:49 -0500
Lines: 217
Organization: Bralar Software Inc.
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
NNTP-Posting-Host: cr632342-a.lndn1.on.wave.home.com 24.112.55.126
Message-ID: <347_GlPt#FGm$GA.290@forums.sybase.com>
References: <347_38DFA9F8.69906D15@wcg.net> <347_gZl3y2Bm$GA.201@forums.sybase.com> <347_zBThYgEm$GA.290@forums.sybase.com> <347_YPdLBoFm$GA.290@forums.sybase.com> <347_i$1lg4Fm$GA.201@forums.sybase.com> <347_jYSnV#Fm$GA.201@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:25524
Article PK: 154314

Hi Dave,

Confused, maybe. Need a couple of drinks -- oh yeah <g>.
How do I actually set those settings from Powerbuilder though? I can't seem
to find any docs on setting the ORB properties from PB.


Regards,
Brad

"Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
news:jYSnV#Fm$GA.201@forums.sybase.com...
> Ok here's the issue.
>
> Lets say the IP name as the client sees it is "outside" but the IP name
that
> EAS is on is called "inside".
>
> When the client does a connect to outside and a lookup it gets backa
> factory object. That factory object has an IOR within it that contains
the
> server which has the object. That server (EAS) was listening to "inside"
> and hence returns an IOR with the hostname as "inside". When the client
> tried to connect to "inside" it fails as the firewall wont let it through.
>
> So they fix is this. Set an ORB property
>
> com.sybase.CORBA.ProxyHost
>
> and set its value to
>
> outside
>
> This will tell the ORB to ignore the host in the IOR and to connect only
to
> the firewall host name. You can also set the ProxyPort if the port the
> client connects to on the firewall differs from the port that EAS is
> listening to.
>
> Confused yet?
>
> Dave Wolf
> Internet Applications Division
>
> "Brad Gawne" <bgawne@bralar.on.ca> wrote in message
> news:i$1lg4Fm$GA.201@forums.sybase.com...
> > Hi Dave,
> >
> > It's standard Linux Masquerading, it's not using NAT specifically,
> although
> > I guess technically the MASQ inteface is translating addresses.
> >
> > The IP call comes into the firewall, the firewall then says hey port
9000
> > should go to internal server X on the inside and the IP packet is
doctored
> > up with the correct IP information and sent on into the internal network
> for
> > capture by Server X.
> >
> > Usually the only time this scheme gives problems is if a service
> dynamically
> > allocates ports like MS Netmeeting or Real Audio does.
> >
> >
> >
> > Regards,
> >
> > Brad
> >
> > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > news:YPdLBoFm$GA.290@forums.sybase.com...
> > > Brad,
> > >
> > > Is your firewall doing any Network Address Translation (NTA)? In
other
> > > words, the IP forwarding. Do the client connect to a different
> > IP/Hostname
> > > than EAS is running on?
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > "Brad Gawne" <bgawne@bralar.on.ca> wrote in message
> > > news:zBThYgEm$GA.290@forums.sybase.com...
> > > > Hi Dave,
> > > >
> > > > On a similar note, although not exactly the same I have created a
> local
> > PB
> > > > application which uses Jag components. On my internal network it
works
> > > > great, however when I send it out to the internet I can connect to
> > Jaguar
> > > > but a call to CreateInstance(...) returns 50.
> > > >
> > > > I am using a Linux firewall and am port forwarding traffic from Port
> > 9000
> > > > for UDP and TCP packets. Is there anything special that needs to be
> set
> > up
> > > > through PB to make this work? I had thought it should be
transparent.
> > > >
> > > > I have a demo to do on Thursday to 1000 people at a convention with
> this
> > > > stuff so hopefully I can get it working or I'm going to have to do
> > screen
> > > > captures or terminal server or something <g>.
> > > >
> > > >
> > > > Regards,
> > > > Brad
> > > >
> > > >
> > > >
> > > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > > news:gZl3y2Bm$GA.201@forums.sybase.com...
> > > > > James,
> > > > >
> > > > > I need a little more information to understand this. The
customers
> > > where
> > > > > the applications are failing are using HTTP proxies? Do they
allow
> > > direct
> > > > > IIOP traffic out? If they have a HTTP proxy and all trffice must
go
> > > > thorugh
> > > > > that proxy, you will need to set another ORB property. The
problem
> is
> > > you
> > > > > will need to dynamically set it for these clients. The property
is
> > > called
> > > > > com.sybase.CORBA.ProxyHost and com.sybase.CORBA.ProxyPort. These
> > > settings
> > > > > tell the client ORB to ignore the host returned in the IOR from
the
> > > lookup
> > > > > and to instead go the the given proxy.
> > > > >
> > > > > Now you may also need to set other properties to do connect based
> > > > tunneling.
> > > > > I think we need to understand more about how the clients firewalls
> and
> > > > > proxies are setup.
> > > > >
> > > > > Dave Wolf
> > > > > Internet Applications Division
> > > > >
> > > > > "James Stansell" <stansell@wcg.net> wrote in message
> > > > > news:38DFA9F8.69906D15@wcg.net...
> > > > > > My production systems are running Jaguar v2.0. The client is an
> > > applet
> > > > > > running in MSIE 4.01. It is downloaded from the web server,
which
> > > runs
> > > > > > on a different host. The applet is signed in order to bypass
the
> > JVM
> > > > > > sandbox. We use HTTPS to the web server and IIOPS to the Jag
> > server.
> > > > > >
> > > > > > Most customers are having no problem, but some are seeing a case
> > where
> > > > > > they can connect to the web server and download the page, but
the
> > > applet
> > > > > > cannot connect to the Jag server.
> > > > > >
> > > > > > The common thread appears to be that their only access to the
> > internet
> > > > > > is through a web proxy server.
> > > > > >
> > > > > > The Jaguar documentation says "When connecting, the Jaguar
> > client-side
> > > > > > ORB first tries to open an IIOP connection to the specified
> address
> > > and
> > > > > > port. If the IIOP connection fails, the ORB tries an
> HTTP-tunnelled
> > > > > > connection to the same address and port."
> > > > > >
> > > > > > It appears to me that the HTTP tunnelling is not using the
> browser's
> > > > > > proxy settings, but I don't have a good way to test it. Can
> anyone
> > > > > > confirm this?
> > > > > >
> > > > > > A secondary question: does anyone know a good way to tell when
> HTTP
> > > > > > tunnelling is being used?
> > > > > >
> > > > > > Thanks in advance,
> > > > > >
> > > > > > -james.
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Dave Wolf [Sybase] Posted on 2000-03-28 11:23:46.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: HTTP Tunnelling Support
Date: Tue, 28 Mar 2000 06:23:46 -0500
Lines: 240
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
NNTP-Posting-Host: nomad6-31.sybase.com 157.133.176.31
Message-ID: <347_gX9h7iKm$GA.290@forums.sybase.com>
References: <347_38DFA9F8.69906D15@wcg.net> <347_gZl3y2Bm$GA.201@forums.sybase.com> <347_zBThYgEm$GA.290@forums.sybase.com> <347_YPdLBoFm$GA.290@forums.sybase.com> <347_i$1lg4Fm$GA.201@forums.sybase.com> <347_jYSnV#Fm$GA.201@forums.sybase.com> <347_GlPt#FGm$GA.290@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:25515
Article PK: 155596

You just set the ProxyHost right? So do it the same way. Im not sure I
understand exactly what you want to do though.

Dave Wolf
Internet Applications Division

"Brad Gawne" <bgawne@bralar.on.ca> wrote in message
news:GlPt#FGm$GA.290@forums.sybase.com...
> Hi Dave,
>
> Confused, maybe. Need a couple of drinks -- oh yeah <g>.
> How do I actually set those settings from Powerbuilder though? I can't
seem
> to find any docs on setting the ORB properties from PB.
>
>
> Regards,
> Brad
>
>
>
>
>
>
> "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> news:jYSnV#Fm$GA.201@forums.sybase.com...
> > Ok here's the issue.
> >
> > Lets say the IP name as the client sees it is "outside" but the IP name
> that
> > EAS is on is called "inside".
> >
> > When the client does a connect to outside and a lookup it gets backa
> > factory object. That factory object has an IOR within it that contains
> the
> > server which has the object. That server (EAS) was listening to
"inside"
> > and hence returns an IOR with the hostname as "inside". When the client
> > tried to connect to "inside" it fails as the firewall wont let it
through.
> >
> > So they fix is this. Set an ORB property
> >
> > com.sybase.CORBA.ProxyHost
> >
> > and set its value to
> >
> > outside
> >
> > This will tell the ORB to ignore the host in the IOR and to connect only
> to
> > the firewall host name. You can also set the ProxyPort if the port the
> > client connects to on the firewall differs from the port that EAS is
> > listening to.
> >
> > Confused yet?
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > "Brad Gawne" <bgawne@bralar.on.ca> wrote in message
> > news:i$1lg4Fm$GA.201@forums.sybase.com...
> > > Hi Dave,
> > >
> > > It's standard Linux Masquerading, it's not using NAT specifically,
> > although
> > > I guess technically the MASQ inteface is translating addresses.
> > >
> > > The IP call comes into the firewall, the firewall then says hey port
> 9000
> > > should go to internal server X on the inside and the IP packet is
> doctored
> > > up with the correct IP information and sent on into the internal
network
> > for
> > > capture by Server X.
> > >
> > > Usually the only time this scheme gives problems is if a service
> > dynamically
> > > allocates ports like MS Netmeeting or Real Audio does.
> > >
> > >
> > >
> > > Regards,
> > >
> > > Brad
> > >
> > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > news:YPdLBoFm$GA.290@forums.sybase.com...
> > > > Brad,
> > > >
> > > > Is your firewall doing any Network Address Translation (NTA)? In
> other
> > > > words, the IP forwarding. Do the client connect to a different
> > > IP/Hostname
> > > > than EAS is running on?
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > "Brad Gawne" <bgawne@bralar.on.ca> wrote in message
> > > > news:zBThYgEm$GA.290@forums.sybase.com...
> > > > > Hi Dave,
> > > > >
> > > > > On a similar note, although not exactly the same I have created a
> > local
> > > PB
> > > > > application which uses Jag components. On my internal network it
> works
> > > > > great, however when I send it out to the internet I can connect to
> > > Jaguar
> > > > > but a call to CreateInstance(...) returns 50.
> > > > >
> > > > > I am using a Linux firewall and am port forwarding traffic from
Port
> > > 9000
> > > > > for UDP and TCP packets. Is there anything special that needs to
be
> > set
> > > up
> > > > > through PB to make this work? I had thought it should be
> transparent.
> > > > >
> > > > > I have a demo to do on Thursday to 1000 people at a convention
with
> > this
> > > > > stuff so hopefully I can get it working or I'm going to have to do
> > > screen
> > > > > captures or terminal server or something <g>.
> > > > >
> > > > >
> > > > > Regards,
> > > > > Brad
> > > > >
> > > > >
> > > > >
> > > > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > > > news:gZl3y2Bm$GA.201@forums.sybase.com...
> > > > > > James,
> > > > > >
> > > > > > I need a little more information to understand this. The
> customers
> > > > where
> > > > > > the applications are failing are using HTTP proxies? Do they
> allow
> > > > direct
> > > > > > IIOP traffic out? If they have a HTTP proxy and all trffice
must
> go
> > > > > thorugh
> > > > > > that proxy, you will need to set another ORB property. The
> problem
> > is
> > > > you
> > > > > > will need to dynamically set it for these clients. The property
> is
> > > > called
> > > > > > com.sybase.CORBA.ProxyHost and com.sybase.CORBA.ProxyPort.
These
> > > > settings
> > > > > > tell the client ORB to ignore the host returned in the IOR from
> the
> > > > lookup
> > > > > > and to instead go the the given proxy.
> > > > > >
> > > > > > Now you may also need to set other properties to do connect
based
> > > > > tunneling.
> > > > > > I think we need to understand more about how the clients
firewalls
> > and
> > > > > > proxies are setup.
> > > > > >
> > > > > > Dave Wolf
> > > > > > Internet Applications Division
> > > > > >
> > > > > > "James Stansell" <stansell@wcg.net> wrote in message
> > > > > > news:38DFA9F8.69906D15@wcg.net...
> > > > > > > My production systems are running Jaguar v2.0. The client is
an
> > > > applet
> > > > > > > running in MSIE 4.01. It is downloaded from the web server,
> which
> > > > runs
> > > > > > > on a different host. The applet is signed in order to bypass
> the
> > > JVM
> > > > > > > sandbox. We use HTTPS to the web server and IIOPS to the Jag
> > > server.
> > > > > > >
> > > > > > > Most customers are having no problem, but some are seeing a
case
> > > where
> > > > > > > they can connect to the web server and download the page, but
> the
> > > > applet
> > > > > > > cannot connect to the Jag server.
> > > > > > >
> > > > > > > The common thread appears to be that their only access to the
> > > internet
> > > > > > > is through a web proxy server.
> > > > > > >
> > > > > > > The Jaguar documentation says "When connecting, the Jaguar
> > > client-side
> > > > > > > ORB first tries to open an IIOP connection to the specified
> > address
> > > > and
> > > > > > > port. If the IIOP connection fails, the ORB tries an
> > HTTP-tunnelled
> > > > > > > connection to the same address and port."
> > > > > > >
> > > > > > > It appears to me that the HTTP tunnelling is not using the
> > browser's
> > > > > > > proxy settings, but I don't have a good way to test it. Can
> > anyone
> > > > > > > confirm this?
> > > > > > >
> > > > > > > A secondary question: does anyone know a good way to tell when
> > HTTP
> > > > > > > tunnelling is being used?
> > > > > > >
> > > > > > > Thanks in advance,
> > > > > > >
> > > > > > > -james.
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>